‹ Back
01 Feb 24
Security & Fraud

Acquirers: What’s Your Payment Technology Partner’s Track Record with Security?

Listen to this article

No one wants to be associated with a data breach, least of all an acquiring bank or payment processor. Still, the financial industry is more often finding itself a target. For instance, Sophos’ State of Ransomware in Financial Services 2023 found that the rate of ransomware in the financial sector was 64%, rising from 55% last year. Furthermore, the rate has almost doubled since 2021. Sophos research also confirmed that financial institutions are fighting back with payment security solutions, making substantial investments in endpoint protection, zero-trust solutions, 24/7 threat detection, and other technologies. Still, threat actors continue to find their way in with phishing and email schemes and exploit vulnerabilities.

Where Threat Actors Find Vulnerabilities

Although acquirers work hard to build iron-clad cybersecurity in their IT ecosystem, they need to do more. It’s also critical to consider their partners’ payment technology. Attackers have been successful at gaining entrance to systems and stealing data by exploiting vulnerabilities in payment devices. The Register reported in 2022 that threat actors used two types of point of sale malware to infect payment terminals and steal data from more than 167,000 credit card accounts. A few years earlier, hackers deployed malware on a convenience store’s payment terminals on the counters and fuel pumps to steal credit card data, affecting about 34 million consumer accounts.

Attacks of this nature underscore the importance of partnering with payment technology companies that take a security-first approach to device design and platform development. Acquirers who partner with companies that market devices with vulnerabilities can invite cyberattacks and data breaches. Then, if they occur, those devices listed on your website will be a liability to your business’s reputation.

How to Evaluate a Partner’s Payment Technology Security Posture

Working with a payment technology partner that’s Payment Card Industry (PCI-certified) is a given. The PCI Data Security Standard (PCI DSS) includes technical requirements for devices, infrastructure, and systems involved in processing payment transactions. You must begin vetting a partner by ensuring the company and its specific products are included on PCI’s list of approved PIN Transaction Security (PTS) devices.

However, acquirers should do more to ensure the payment devices they’re enabling merchants to use provide the highest degree of security. Acquirers must investigate the payment technology company’s approach and get the answers they need to ensure their partners have an effective strategy.

Ingenico, for example, takes a balanced approach to security. Our strategy is to limit the footprint where data exists within a network, keeping the attack surface small. Then, we focus on creating multiple layers to secure cardholder data, including point-to-point encryption (P2PE), which protects data in transit from the payment terminal to your system and to card brands. It replaces human-readable card data with a cryptograph, which can only be decrypted with a key. Tokenization also helps to protect cardholder data. It replaces readable cardholder information with a randomly generated code that merchants can use to “remember” customers' account information for their convenience when making future purchases. But it doesn’t put data at risk if a cybercriminal gains access to a merchant’s IT environment. A layered approach helps to protect data because if threat actors gain access to a system, they won’t find anything monetizable to steal or hold for ransom.

Another way to ensure your payment technology partner has a good track record with security is to do your due diligence and research the company. Search the internet, read the headlines, and familiarize yourself with past data breaches and investigations. If you find red flags, dig deeper to make the best decisions for the merchants you serve and for your business.

Learn More

An effectively marketed payment technology company is no guarantee that it’s a partner that will help you keep cardholder data secure. Approach partnerships circumspectly.

To learn more about Ingenico’s approach to payment security, our balanced approach to keeping cardholder data safe, and our security-first strategy for product development, contact us.

Tracy cline.png

Tracy Cline

Head of Enterprise Sales

Ingenico US

Also in Security & Fraud

22 Apr 24
Highlights from ETA TRANSACT 2024
Read more
02 Apr 24
How to Simplify Cross-Border Payments
Read more
29 Mar 24
Mastering the Complexity of Multi-Lane Payment Device Management
Read more
20 Mar 24
How to Effectively Make Portable POS a Part of a Retailer’s Strategy
Read more
12 Mar 24
ISVs: Adapt to the Growing Demand for Contactless Payments
Read more
05 Mar 24
Line-Busting Is Easy with the Right Payment Technologies
Read more
27 Feb 24
Cover All the Bases When Planning for and Communicating Sustainability
Read more
06 Feb 24
SoftPOS Secures Its Place in the New World of Commerce
Read more
prev next
newsletter
Stay informed

Get the latest news about Ingenico.

See all news
contact us
Any questions or feedback?

Send us a message using the link below and we'll reply as soon as possible.

Contact sales